feat(filters): Add warden.user rack data to default filters list (#436)

bugsnag · Mar 13, 2018 · 7b7f249 · 7b7f249
1 parent a54d065
commit 7b7f249
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/lib/bugsnag/configuration.rb b/lib/bugsnag/configuration.rb
@@ -47,6 +47,7 @@ class Configuration
       /cookie/i,
       /password/i,
       /secret/i,
+      /warden\.user\.([^.]+)\.key/,
       "rack.request.form_vars"
     ].freeze
 

diff --git a/spec/report_spec.rb b/spec/report_spec.rb
@@ -574,7 +574,27 @@ def gloops
   it "filters params from all payload hashes if they are set in default meta_data_filters" do
 
     Bugsnag.notify(BugsnagTestException.new("It crashed")) do |report|
-      report.meta_data.merge!({:request => {:params => {:password => "1234", :other_password => "12345", :other_data => "123456"}}})
+      report.meta_data.merge!({
+        :request => {
+          :params => {
+            :password => "1234",
+            :other_password => "12345",
+            :other_data => "123456"
+          },
+          :cookie => "1234567890",
+          :authorization => "token",
+          :user_authorization => "token",
+          :secret_key => "key",
+          :user_secret => "key"
+        }
+      })
+      report.meta_data.merge!({
+        :session => {
+          :"warden.user.user.key" => "1234",
+          :"warden.user.foobar.key" => "1234",
+          :"warden.user.test" => "1234"
+        }
+      })
     end
 
     expect(Bugsnag).to have_sent_notification{ |payload, headers|
@@ -585,6 +605,15 @@ def gloops
       expect(event["metaData"]["request"]["params"]["password"]).to eq("[FILTERED]")
       expect(event["metaData"]["request"]["params"]["other_password"]).to eq("[FILTERED]")
       expect(event["metaData"]["request"]["params"]["other_data"]).to eq("123456")
+      expect(event["metaData"]["request"]["cookie"]).to eq("[FILTERED]")
+      expect(event["metaData"]["request"]["authorization"]).to eq("[FILTERED]")
+      expect(event["metaData"]["request"]["user_authorization"]).to eq("[FILTERED]")
+      expect(event["metaData"]["request"]["secret_key"]).to eq("[FILTERED]")
+      expect(event["metaData"]["request"]["user_secret"]).to eq("[FILTERED]")
+      expect(event["metaData"]["session"]).not_to be_nil
+      expect(event["metaData"]["session"]["warden.user.user.key"]).to eq("[FILTERED]")
+      expect(event["metaData"]["session"]["warden.user.foobar.key"]).to eq("[FILTERED]")
+      expect(event["metaData"]["session"]["warden.user.test"]).to eq("1234")
     }
   end